Beware the fridge? Hackers targeting ‘smart’ home appliances

Security researchers have discovered the first broad Internet-of-Things cyberattack, targeting household gadgets and appliances, including at least one refrigerator.

Proofpoint, a vendor that offers data protection services, said
Thursday it had uncovered an unprecedented hack that encompassed
“more than 750,000 malicious email communications coming from
more than 100,000 everyday consumer gadgets such as
home-networking routers, connected multi-media centers,
televisions and at least one refrigerator that had been
compromised and used as a platform to launch attacks.”

The large-scale attack is believed to be the first home appliance
“botnet,” or a group of computers secretly operated by
hackers. And as shown by the tech giant Google’s recent purchase
of Nest - maker of “smart” thermostats and smoke alarms
that can be controlled via the internet - more and more home
devices and products will get individual computer chips and
online connections, a phenomenon also known as the
Internet-of-Things.

Proofpoint said in a press release that the hack occurred
sometime between December 23 and January 6. The hack released
waves of malicious email, often sent in spurts of 100,000 three
times per day, targeting entities and individuals around the
world.

The hack was not exactly refined, nor did it need to be,
Proofpoint said, because it relied on user negligence.

“No more than 10 emails were initiated from any single IP
address, making the attack difficult to block based on location –
and in many cases, the devices had not been subject to a
sophisticated compromise; instead, misconfiguration and the use
of default passwords left the devices completely exposed on
public networks, available for takeover and use,” Proofpoint
said.

The International Data Corporation estimates that by 2020, the
larger environment surrounding the Internet-of-Things will comprise
over 200 billion devices connected to the internet, together
valued at US$8.9 trillion. In 2012, that ecosystem was valued at
US$4.8 trillion.

With this rapid growth will come a multitude of items highly
vulnerable to cyber-intrusion, according to Proofpoint.

“But [Internet-of-Things] devices are typically not protected
by the anti-spam and anti-virus infrastructures available to
organizations and individual consumers, nor are they routinely
monitored by dedicated IT teams or alerting software to receive
patches to address new security issues as they arise.”

With ever more items connected online, privacy is likely to be
sacrificed for convenience. Many are raising questions this week
about where internet leviathan - and data vacuum - Google is
headed with the purchase of Nest.

For US$3.2 billion, Google bought Nest, owned by former Apple
officials Tony Fadell and Matt Rogers, in a move that puts the
multinational power into the home-hardware business, offering it
further access to the behavior of those who use its web services.

Nest is best known for thermostats and fire detectors that can be
controlled online and that are capable of self-adjusting based
on user-input patterns.

The announcement led to immediate questions about the privacy of
Nest customers. In a statement to TechCrunch, Fadell signaled
that Nest will only use customer information for “providing
and improving Nest’s products and services,” and not for
integration with Google’s formidable advertising apparatus.

Yet Google could still use Nest data as input into its overall
online advertising and its other web services, sending its ads
when a person is at home, for example.